AIM Phishing
- http://isc.incidents...date=2004-07-21
Updated July 22nd 2004 11:31 UTC
"Phishing is not just for e-mail anymore. A reader associated with antiphishing.org reported a new twist to this scheme that advertises malicious URLs via Instant Messaging. This scheme has been used a few times in the past to distribute viruses. This new message reads "you have been sent a picture. To view it, Click here". In this sample, the 'From' address is four random letters. However, a 'trusted' name could be used.

It is important to understand that most instant messaging systems use only weak authentication schemes. Instant messaging is not a tool to exchange confidential information. Only few instant messaging systems allow for encryption and sophisticated authentication. If you need instant messaging to communicate confidential information, use a system which allows you to control the server and provides for encryption and reasonable authentication. Jabber is an example of a free package."

- http://isc.sans.org/...date=2004-07-25
Updated July 26th 2004 02:30 UTC
"...We had yet another report by fellow handler Scott Fendley of a USBank phishing email. This site collected your personal banking information including asking for your password. The site brought up two webpages, the valid USBank web page and a second webpage that appeared to be from USBank asking you to confirm your information. The information was then posted back to the site where the request originated from. This was reported to the offender's ISP and USBank. Remember to always think before you click. Any request for your personal information that you were not expecting should be verified..."

Your Daily Phish
- http://isc.sans.org/...date=2004-08-01
Updated August 2nd 2004 01:25 UTC
"...A user submitted to ISC today another phishing email scam. This one wanted the victim to change their pin number. As a general reminder, keep in mind which email address, if any, you have given to your financial institution(s) and always verify before you update any information requested via email..."

"...Always verify before you update any information..." (hopefully, your phone is still in working order)- Words of Wisdom

.The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.

- http://isc.sans.org/...date=2004-08-04
"On individual response to phishing emails:
Phishing incidents are on the rise. The handlers are receiving more and more reports of suspicious emails...recommended response procedure is as follows:
i) report the email to the impersonated company’s abuse address (typically this is abuse@victimdomain.) Include a copy of the email and the full delivery headers. Their teams will use this information to determine the source of the email, and the location of the collection server.
ii) report the incident to antiphishing.org. They are scientifically tracking these incidents and organizing responses. ..."


Phishing attacks on the increase
- http://www.pcw.co.uk/news/1157086
"Phishing rose by almost a fifth in June, with 1422 unique attacks reported to the Anti-Phishing Working Group. According to a report from the Group and security firm Websense, there were an average of 47.4 phishing attacks in June, up 19 per cent from 38.6 reported in May...Criminals have honed their methods of attack and are using executable code that copies key strokes in addition to sending the more conventional emails seeking personal details...'So, they've started to deploy executable code that copies all your key strokes that sends it to a server somewhere across the world. 'To drop it, they send an email that looks like you want to open it. They try and find a subject that is serious enough for you to open it and then drop the code into your machine'..."


A New Twist to Phishing Reported
- http://isc.sans.org/...date=2004-08-16
Updated August 16th 2004 20:04 UTC
"We are starting to see more and more phishing sites which are not targeting specific financial institutes but are targeting general ecommerce. We have seen "fake" online banks, sporting good stores, and pharmacies.

Characteristics:
* no contact information
* no domain name
* many hosted in China or S Korea.
* no secure ordering process
* reported by thousands of spam engines

Do-It-Yourself Phishing Kits Lead To More Scams
- http://www.techweb.c...WB20040819S0006
August 19, 2004 - By Gregg Keizer, TechWeb News
"Do-it-yourself phishing kits are freely available on the Internet, a security firm said Thursday, and they will lead to more scams sent to online consumers. “Until now, phishing attacks have been largely the work of organized crime gangs,” said Graham Cluley, a senior technology consultant at the U.K.-based security vendor Sophos...The problem's grown so far so fast that on Wednesday, the National Consumers League, the oldest consumer advocacy group in the U.S., said that this purloining of identity is now the fourth most common type of Internet fraud. To combat the scams, the NCL launched an awareness campaign to educate users about how phishing works, how they can protect themselves, and where to go for help. The group backed up the campaign with a new Web site:
- http://www.phishinginfo.org/

...Although Sophos isn't certain about the reason why scammers have started to distribute do-it-yourself phishing kits, it's possible, said Cluley, that they're doing it simply because they can...He recommended that end users be extra-wary of any messages asking them to confirm financial information. “Recipients of suspicious emails claiming to come from online banks should just delete them,” he said. “And certainly not click on the links contained within the messages.”..."


New Scam Tactic Hits Online
- http://www.eweek.com...a=135038,00.asp
September 13, 2004
"In the escalating clash between online scammers and security vendors, the attackers have once again developed new tactics that give them the upper hand in bypassing filters and infiltrating corporate networks...The new techniques, which experts began seeing sporadically earlier this year and in large waves in recent weeks, involve the use of a process called steganography, or embedding or hiding text in an image. In the most recent cases, spam and phishing messages have incorporated complex images containing text. In some cases, the image files include hidden code designed to exploit known vulnerabilities in e-mail clients and Web browsers...The most prominent example of the steganography wave is a recent variation on the ubiquitous Citibank phishing scam that attempts to lure recipients into disclosing online banking user names and passwords. Previous versions used text and images, such as authentic-looking Citibank logos and privacy seals. But versions that began surfacing recently are made up of one large image file containing all the text..."
- http://www.antiphish...e_upgrade).html


Scammers use Gmail invite as phishing hook
- http://news.com.com/...g=st.util.print
September 15, 2004
"Scammers have caught on to the allure of Gmail and are using the Google e-mail service for a "phishing" scam to harvest e-mail addresses and passwords...In this case, the scammers send the phishing e-mail to existing holders of Gmail accounts, offering them the opportunity to invite three or six of their friends to join Gmail. The body of the e-mail reads "I found this e-mail very weird." It continues to read: "The Gmail Team is proud to announce that we are offering Gmail free invitation packages to the existing Gmail account holders. By now you probably know the key ways in which Gmail differs from traditional webmail services. Searching instead of filing. A free gigabyte of storage. Messages displayed in context as conversations. Just fill in the form below to claim your free invitation package." The "Gmail Team" asks users to give away their Gmail addresses and passwords to get the invites. The e-mails are currently able to make their way through Gmail's spam filters..."


Phishers Fake FDIC Web Site
- http://www.techweb.c..._section=700028
September 24, 2004
"Phishers spoofed the Federal Deposit Insurance Corporation's (FDIC) again Thursday and using bogus e-mails, tried to entice consumers to sign up for non-existent service that tracks suspicious activity on credit, debit, and bank ATM cards. Like many other recent phishing scams, this one plays off consumers' knowledge of the danger of identity theft...Once consumers have been drawn to the site, a very close copy of the actual Web site of the FDIC, the government-backed insurer of bank accounts, they're encouraged to "register" their cards with the service. "You will be protected from unauthorized use of your card or account information. With FDIC's Zero Liability policy, your liability for unauthorized transactions is $0 -- you pay nothing!" the site read.
-> Of course, there is no such thing as a "Zero Liability" policy through the FDIC..."

>>> http://www.fdic.gov/...erts/index.html
"...Since January 23, 2004, criminals have been using the FDIC's name and reputation to perpetrate various “phishing” schemes. It is important to note that the FDIC will -never- ask for personal or confidential information in this manner..."


New phishing method steals bank log-in details
- http://www.theregist...ishing_exploit/
4 November 2004
"Over the last two weeks, MessageLabs has monitored a small number of these dangerous new emails, which are capable of sidestepping the need for user intervention in phishing attacks. Users need only open maliciously constructed emails to be exposed to risk. These emails contain scripts that rewrite the host files of targeted machines. This means that next time a user attempts to access their online banking account they will be automatically redirected to a fraudulent website instead, enabling their log-in details to be stolen. So far, MessageLabs has only intercepted copies of emails targeting three Brazilian banks, but if the technique catches on it could have potentially serious consequences.

>>> A defence is available. Providing surfers have Windows Scripting Host disabled they are not at risk from this particular type of phishing attack. MessageLabs said the technique illustrated the increased sophistication of phishing techniques fraudsters are developing.

Alex Shipp, senior anti-virus technologist at MessageLabs, said: "By reducing the need for user intervention, the perpetrators are making it easier to dupe users into handing over the contents of their bank accounts. Most banks have advised their customers to be wary of any email asking for personal banking details, but in this case all they have to do is open an apparently innocent email and their bank details could be silently sabotaged. "We currently detect between 80 and 100 new phishing websites a day, showing just how prolific the threat has become. It is a moving target, making it harder to identify and defend against," he added."


Phishers Up Scam Ante With New Tactic
- http://www.techweb.c..._section=700028
November 08, 2004
"Phishers are using a money-scamming technique that can fool even the most cautious consumer, a message security firm warned Monday. Scotts Valley, Calif.-based SurfControl said that its researchers have spotted a tactic used to exploit flaws in the Web sites for SunTrust Bank and Citibank Australia that let the scammers replace legitimate content on those sites with their own bogus material, all without monkeying with the authentic URL of the institutions. In the past, phishers relied on a host of techniques to disguise the address of their phony Web sites from on-alert users, some of which relied on now-patched vulnerabilities in Microsoft's Internet Explorer browser.

"This is definitely one of the most sophisticated phishing techniques we've ever seen," said Susan Larson, SurfControl's vice president of content, in a statement. "Up until now, an informed computer user stood a chance of being able to identify a suspicious URL. This new technique demonstrates how computer criminals are engaged in a constantly evolving series of increasingly sophisticated efforts to defraud the public."

The phishers take advantage of a bug in the search script used on the two banking sites to run a Javascript page that displays their own site instead of a real page from Citibank or SunTrust. The best way for users to protect themselves against phishing attacks...is to never divulge confidential information in response to an unsolicited e-mail, even if it appears to come from an institution or business the user deals with. Another defensive tactic is to never click on Web site links embedded within unsolicited messages."


- http://isc.sans.org/...date=2004-11-16
Updated November 17th 2004 10:10 UTC
"If It Sounds Too Good To Be True...
We received a report from a reader who found a little more than he bargained for when looking for a cheap used car. It appears that some rather unsavory characters are posting "deals" online that carry some surprises. When you go to look at photos of your "ride-to-be", the seller tells you "please check the pictures on the file. Are packed with WinZip SelfExtract, I don't have much space in this free host and I can put the on the server. After you download it, if you open the file will ask you where to unpack the files."
Uh... sure...
The executable packs a bit more than some candid photos of your dream car. It carries a version of the QHosts trojan which makes changes to your hosts file pointing domain names for various escrow services to a specific IP address. The seller then insists that to "safeguard" the transaction, an escrow service must be used. Care to guess the rest? Moral of the story: If it seems too good to be true, it probably is.

Don't Let This Happen To You
Another reader pointed out a different scam. This time, the victim receives an email claiming that their credit card has been charged. The victim is given a link to view their "invoice." While none of this is new, the almost overwhelming barrage of exploit attempts at the other end of the "invoice" link was astounding. The victim's machine is hit with three different exploit attempts, targeting different vulnerabilities. It appears that some piece of dirt out there is an over-achiever..."


...Big Boost In Phishing Attacks
- http://www.techweb.c..._section=700028
November 24, 2004
"...From September to October, phishing sites increased more than 100 percent. 'Some automation had to be involved, with a bot network to either send more e-mails and/or host more sites,' said Dan Hubbard, the senior director of security at Websense, one of the two investigators who analyzed the phishing data for the group. 'In October, not only did the amount of reported phishing e-mails increase, but the number of phishing sites that were unique dramatically spiked, said Hubbard. Once we started investigating the characteristics of those sites, a lot of same traits kept repeating.' The shared characteristics of those phishing sites -- which host phony pages that look remarkably like real credit card, bank, online retailer, or e-payment sites -- ranged from using a little-known Web server to being hosted on broadband-connected systems to running at IP addresses outside the US. More than half of the phishing sites, for instance, are hosted on what appears to be broadband-connected PCs, and the common Web server -- SHS -- is a favorite of phishers, since its small footprint makes it easy to plant on a hacked PC..."


...SpoofGuard is a browser plug in that is compatible with Microsoft Internet Explorer. SpoofGuard places a traffic light in your browser toolbar that turns from green to yellow to red as you navigate to a spoof site. If you try to enter sensitive information into a form from a spoof site, SpoofGuard will save your data and warn you. SpoofGuard warnings occur when alarm indicators reach a level that depends on parameters that are set by the user....

Phishers Take Cues From Hackers
- http://www.techweb.c..._section=700028
December 15, 2004
"Phishing scams again surged last month, an industry organization said Wednesday, as tech-savvy crooks increasingly took up the tools of the hacker trade to steal consumers' personal and financial identities. According to the monthly report from the Anti-Phishing Working Group (AWPG), a consortium of more than 1,000 firms, including a majority of the top U.S. banks and ISPs, November saw yet another increase in the number of phishing Web sites spotted. During November, the group detected 1,518 scam sites, a 29 percent increase over October, and another record for the year.

Worse news than the boost in scamming sites -- which are often "hit-and-run" Web sites that stay up only an average of 6 days -- is the AWPG's analysis of an increase in the use of malicious code by phishers to steal credit card and bank account access and information from users worldwide. "They're definitely starting to cross the boundaries of spyware, phishing, and general virus writing," he said. "Some phishers are using portable executable files that actually run on the user's machine rather than just put a link in an e-mail. They're using viruses on your machine, which get there a number of different ways, that are fairly sophisticated. They don't do anything until you go to a known banking or credit card or retailing site that's listed in the virus, and then they either replace the site with their own [fake] version or capture keystrokes and transmit them to the criminals." Keyloggers are often in place on PCs that have been compromised earlier by malicious computer worms and viruses. In some cases, the phishers are only using what's already available. This trend, said Hubbard, builds on the one outlined last month by the AWPG, which then noted that many of the most virulent phishing attacks seemed to be coming from "bot networks," collections of previously-infected computers..."We've already seen indications that phishers are commanding automated distribution systems, apparently leveraging bot nets, known as zombies," said David Jevans, the chairman of the AWPG, in a statement accompanying the November report. "Those resources, combined with conventional keylogging and other innovative malicious code, is a threat scenario that could deliver more sophisticated attacks," Jevans added..."


Netcraft "anti-phishing" toolbar
- http://toolbar.netcraft.com/
"...The Toolbar community is effectively a giant neighbourhood watch scheme, empowering the most alert and most expert members to defend everyone within the community against phishing frauds. Once the first recipients of a phishing mail have reported the target URL, it is blocked for community members as they subsequently access the URL. Widely disseminated attacks (people constructing phishing attacks send literally millions of electronic mails in the expectation that some will reach customers of the bank) simply mean that the phishing attack will be reported and blocked sooner.

The Toolbar also:
* Traps suspicious URLs containing characters which have no common purpose other than to deceive.
* Enforces display of browser navigational controls (toolbar & address bar) in all windows, to defend against pop up windows which attempt to hide the navigational controls.
* Clearly displays sites' hosting location, including country, helping you to evaluate fraudulent urls (e.g. the real citibank.com or barclays.co.uk sites are unlikely to be hosted in the former Soviet Union)..."


These attacks now increasingly use worms and spyware to divert consumers to fraudulent sites without their knowledge, experts say. "If you think of phishers initially as petty thieves, now they're more like an organized crime unit," said Paris Trudeau, senior product manager for Internet-security firm SurfControl. Phishing attacks have reached 57 million U.S. adults and compromised at least 122 well-known brands so far, according to several estimates.

At the end of 2004 nearly half of these attacks contained some sort of spyware or other malicious code, Trudeau said..."

Identity Theft, Net Scams Rose in '04-FTC
- http://www.reuters.c...storyID=7501166
Feb 1, 2005
"Americans lost at least $548 million to identity theft and consumer fraud last year as the Internet provided new victims for age-old scams, according to government statistics released Tuesday. The U.S. Federal Trade Commission said it received 635,000 consumer complaints in 2004 as criminals sold nonexistent products through online auction sites like eBay Inc. or went shopping with stolen credit cards.
> Identity theft -- the practice of running up bills or committing crimes in someone else's name -- topped the list with 247,000 complaints, up 15 percent from the previous year. Fraud and identity theft cost consumers at least $437 million in 2003. Internet-related fraud accounted for more than half of the remaining complaints as scammers found victims through Web sites or unsolicited e-mail, the FTC said.
> Auction fraud was the most common Internet scam, the FTC said in its annual fraud report, followed by complaints about online shopping and Internet access service..."


Rise In Worst Spyware Shows Phishers At Work
- http://www.techweb.c..._section=700028
February 02, 2005
"The worst kinds of spyware reached all-time highs in the last quarter of 2004, said a national ISP and an anti-spyware vendor as they released their quarterly SpyAudit report Wednesday. The numbers offer hard evidence to back up suspicions that phishing scammers are turning to deadlier, stealthier spyware to hijack identities and empty bank accounts...According to Atlanta-based EarthLink and Boulder, Colo.-based Webroot, the instances of system monitors -- better known as key loggers and screen grabbers -- and Trojan horses soared in the fourth quarter. System monitors logged a 230 percent increase and Trojans jumped by 110 percent over the previous quarter. Both marked record highs for the year in the fourth quarter...On average, about 1 in 6 PCs scanned by the EarthLink and Webroot anti-spyware software contains a system monitor. The rate of "infection" by Trojans is about the same..."


FraudEliminator is a FREE browser toolbar that protects you from online fraud scams and gives you access to numerous other features, like seeing where different websites are located (geographically) and pop-up window blocking.

Why phishing works
- http://johannes.home...hing-works.html
February 14, 2005 - Johannes Ullrich, CTO SANS Internet Storm Center
"Enough has been said about phishing, but given the number of new scams I find in my inbox every day, not enough is being done against it. So what can be done against it? Maybe it's time to look at why phishing works in the first place.
Phishing works because we click on links and trust whatever we see on the screen. We have been thoroughly conditioned by our banks and credit card company to follow this pattern. It has helped us remember when our credit card bill was due, and reminded us of this 0% balance transfer offer. Given that no bank wanted to be left behind, the systems that supported these mailings have been implemented with haste and not care. For one of my banks, it is easy to spot the phish: Valid e-mail from this bank uses the from address domain of the massmailer, not the bank's domain. However, the official mails are nice enough to remind users to please add the strange address to their address book in order to avoid running afoul of spam filters. So we have all been perfectly conditioned to click on everything that moves, never mind the spelling, grammar and other inconsistencies...There does appear to be a difference between US and European banks as well. European banks regularly use one time passwords and tokens. I have yet to see a single US bank to use either. I did my first online banking back in Germany around 1985. Back then, the bank handed me a sheet with one time use "transaction numbers". The scheme is simple: Each time you authorize a transaction, you use one of these numbers and cross it off the list. The sheet lasts about a year, and the bank will send you a new one in time."


Phishers Use Wildcard DNS to Build Convincing Bait URLs
- http://news.netcraft..._bait_urls.html
March 7, 2005
"Phishing operations have begun using DNS wildcards and URL encoding to create email links that display the URLs of legitimate banking sites, but send victims to spoof sites designed to steal their login details. A wildcard DNS record (*.example.com) will resolve all requests that are not matched by any other record. Wildcards are typically used to manage errant or mistyped e-mail addresses, but have been routinely abused by spammers. In recent weeks wildcard DNS settings have been used in a wave of phishing attacks on Barclays Bank, in which the "bait" email included URLs starting with barclays.co.uk, followed by a lengthy sequence of letters and symbols. Several examples:

The phishers use a wildcard DNS setting at a third-party redirection service (kickme.to) to construct the URLs. The wildcard allows the display of URLs beginning with "barclays.co.uk," which is followed by a portion of the URL which is encoded to obscure the actual destination domain. The redirector at kickme.to/has.it forwards to a Barclays spoof site hosted...in Moscow. The spoof loads a page from the actual Barclays site, and then launches a data collection form in a pop-up window from the Russian server..."

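A check for the bait-URL pattern in the Netcraft report above, added here as an example and not part of the original post or of Netcraft's toolbar: it compares the brand a link appears to start with against the domain that is actually registered. The sample links, the subdomain labels and the two-entry suffix table are constructed assumptions; kickme.to and the bank domains are the ones named on this page.

```python
from urllib.parse import urlsplit, unquote

# Brands to watch for: the two bank domains this page itself names.
PROTECTED_DOMAINS = ("barclays.co.uk", "citibank.com")

# Tiny stand-in for the Public Suffix List (assumption: production code
# would load the full list). Only the suffix the samples need is included.
MULTI_LABEL_SUFFIXES = {"co.uk"}


def registrable_domain(host):
    """Return the domain somebody actually registered, e.g. 'kickme.to'."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def analyze_link(url):
    """Report who owns the host in `url` and whether it poses as a brand."""
    raw_host = urlsplit(url).hostname or ""
    # Decode %xx escapes so an encoded host is compared in its real form.
    host = unquote(raw_host).lower().rstrip(".")
    owner = registrable_domain(host)

    impersonated = None
    for brand in PROTECTED_DOMAINS:
        if owner == brand:
            continue  # genuinely under the brand's own domain
        # Brand appears as leading or embedded labels of someone else's host,
        # which is what a wildcard record (*.kickme.to) makes possible.
        if host.startswith(brand + ".") or ("." + brand + ".") in host:
            impersonated = brand
            break

    return {
        "host": host,
        "registrable": owner,
        "impersonates": impersonated,
        "encoded_host": "%" in raw_host,
    }


# Constructed sample links (not taken from the Netcraft article).
SAMPLES = [
    "https://www.barclays.co.uk/personal",
    "http://barclays.co.uk.a8f3kq.kickme.to/login",
    "http://barclays.co.uk.q7x.%6b%69ckme.to/login",
]

if __name__ == "__main__":
    for link in SAMPLES:
        result = analyze_link(link)
        verdict = "SUSPICIOUS" if result["impersonates"] else "ok"
        print(f"{verdict:10} owner={result['registrable']:16} {link}")
```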

- http://www.informati...cleID=160702186
April 13, 2005
"...There were 2,625 active phishing sites in February, growing at an average monthly rate of 26% since July, according to a recent report from the Anti-Phishing Working Group, a coalition of financial institutions, online retailers, Internet service providers, and law enforcement formed to prevent identity theft and fraud caused by phishing, pharming, and E-mail spoofing. In February, there were 13,141 new, unique phishing E-mail messages reported to the organization..."
- http://www.antiphish...sumer_recs.html

Edited by apluswebmaster, 14 April 2005 - 09:48 AM.


Fraudsters deploy Botnets as DNS Servers to Sustain Phishing Attacks
- http://news.netcraft...ng_attacks.html
May 4, 2005
"Botnets controlled by fraudsters are running their own DNS nameservers on compromised computers, complicating the task of shutting down malicious sites. The technique can keep phishing sites accessible longer by making the nameservers a widely distributed moving target amongst thousands of compromised machines within a bot network.
In recent days both the Internet Storm Center and DailyDave mailing list have received reports of botnets using rapidly-shifting DNS servers. The sophisticated new strategy makes it harder to target phishing sites at the nameserver level, which can be the most effective route to taking a malicious site offline. If fraudsters are able to compete effectively by deploying botnets as nameservers, additional emphasis will be placed upon the responsiveness of domain registrars...Bot networks aggregate computers that have been compromised allowing them to be remotely directed by the attackers. Botnets are being used for a variety of scams, including spamming, phishing, sniffing network traffic for unencrypted passwords, and click fraud targeting Google's AdSense program. A March report found that at least 1 million compromised machines are being used in botnets."


Fraudsters seek to make phishing sites undetectable by content filters
- http://news.netcraft...nt_filters.html
May 12, 2005
"More fraudsters are adopting new approaches in an effort to make phishing sites undetectable by common security measures such as firewalls and content filtering web proxies. By replacing some of the textual content on the phishing page with similar-looking images, fraudsters are making it much more difficult for automated systems to detect the presence of keywords such as "PayPal" and "credit card"...some of the page is made up from images, which are easily read by a human, but will be ignored by content filters which only process the text on the page...Because the content filters may not detect this page as being a PayPal phishing scam, it could slip through undetected, allowing the fraudster to harvest the credentials of thousands of PayPal customers..."


New phishing attack uses real ID hooks
- http://news.com.com/...g=st.util.print
May 15, 2005
"Security researchers are reporting a new brand of phishing attack that attempts to use stolen consumer data to rip off individual account holders at specific banks...phishing e-mails arrive at bank customers' in-boxes featuring accurate account information, including the customer's name, e-mail address and full account number. The messages are crafted to appear as if they have been sent by the banks in order to verify other account information, such as an ATM personal-identification number or a credit card CVD code, a series of digits printed on the back of most cards as an extra form of identification...Cyota has already taken down several sites related to the personalized phishing schemes, but indicated that many more such sites have appeared since. The company is advising consumers to avoid sharing any financial information online without first verifying that a request for such data was sent for legitimate purposes..."

Know your Enemy: Phishing
- http://www.honeynet....apers/phishing/
16th May 2005
Behind the Scenes of Phishing Attacks...
(EDIT/ADD:)
"...IP address blocks hosting home or small business DSL addresses appear to be particularly popular for phishing attacks, presumably because the systems are often less well managed and not always up to date with current security patches, and also because the attackers are less likely to be traced than when targeting major corporate systems..."

Edited by apluswebmaster, 18 May 2005 - 08:10 AM.

- http://www.news.vu/e...ated-lure.shtml
May 19, 2005
"...Over the last two weeks, MessageLabs has monitored a small number of these dangerous new emails, which are capable of sidestepping the need for user intervention in phishing attacks. Users need only open maliciously constructed emails to be exposed to risk. These emails contain scripts that rewrite the host files of targeted machines. This means that next time a user attempts to access their online banking account they will be automatically redirected to a fraudulent website instead, enabling their log-in details to be stolen. So far, MessageLabs has only intercepted copies of emails targeting three Brazilian banks, but if the technique catches on it could have potentially serious consequences. A defence is available. Providing surfers have Windows Scripting Host disabled they are not at risk from this particular type of phishing attack..."

Disabling Windows Script Host
- http://www.slipstick...wsh.htm#disable
(Updated Apr 26 2005)
"If you want to retain the ability to run scripts when necessary, but avoid running them automatically, a good strategy is to change the default action for scripts so that they open in Notepad when you double-click them, rather than executing as scripts...step-by-step instructions..."

Hostile Consumer Profiling - You Are Exposed
- http://home.business...iewID=news_view
May 23, 2005
"..."Hostile Profiling" is easily accomplished using two new types of attacks, registration attacks and password reminder attacks. These attacks exploit sites that employ e-mail addresses as user identifiers during the registration process or password reminding, allowing attackers to know whether a certain address belongs to a customer of such sites. By automatically attacking hundreds of Web sites, spammers and phishers can generate a detailed consumer profile from any e-mail address, including the owner's place of residence, hobbies, political views, purchasing preferences and health information, and then use this information for targeted spamming and phishing attacks. Blue Security has found that a large majority of Web sites, including eight of the top 10 Web sites in the United States, are vulnerable to registration attacks and password reminder attacks. Some Web sites are already taking measures to protect themselves against such assaults by requiring billing information with each registration or asking the user to solve a graphical challenge..."

- http://www.bluesecurity.com/
"Armed with your email address alone, spammers and phishers know almost anything about you, including your place of residence, hobbies, political views, purchasing preferences or even the state of your health. Hostile Profiling is easily accomplished using two new types of attacks - Registration Attacks and Password Reminder Attacks... Research findings in full, together with instructions how to protect yourself from such attacks can be found in the hostile profiling whitepaper (PDF)..."
- http://download.blue...leProfiling.pdf
(See: "Counter-measures" and "Protect Yourself")

EDIT/ADD:
- http://www.techweb.c...urity/163700240
May 23, 2005
"...Few sites use the simple techniques that can stymie such attacks. eBay seems to be one of them. When TechWeb tried the password reminder technique at eBay, and used the bogus address "john@invalid.com," eBay responded with "eBay just sent your User ID to john@invalid.com. Check your email to get your User ID." It didn't verify that the address was in use on the site or not..."

Edited by apluswebmaster, 23 May 2005 - 01:24 PM.

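The registration and password-reminder attacks in the two items above depend on a site answering differently for a customer's address than for a stranger's. The Python below is an added example, not code from the original post or from the Blue Security whitepaper: it sets a leaky reminder and registration handler beside a uniform one and gives a check that a site owner can run against either. The `Site` class, its messages, status codes and the addresses are hypothetical.

```python
from dataclasses import dataclass, field


def _key(email):
    """Normalise an address so 'Alice@...' and 'alice@...' are one account."""
    return email.strip().lower()


@dataclass
class Site:
    accounts: set                                # registered addresses (constructed data)
    outbox: list = field(default_factory=list)   # (recipient, template) pairs queued for mail

    # --- leaky handlers: the web response reveals whether the address is a customer ---
    def remind_leaky(self, email):
        if _key(email) not in self.accounts:
            return 404, "No account is registered with that address."
        self.outbox.append((_key(email), "reminder"))
        return 200, "A reminder has been sent."

    def register_leaky(self, email):
        if _key(email) in self.accounts:
            return 409, "That address is already registered."
        self.accounts.add(_key(email))
        self.outbox.append((_key(email), "confirm"))
        return 201, "Account created."

    # --- uniform handlers: same status and body either way; the difference
    # --- is only visible in the mailbox of whoever owns the address
    def remind_uniform(self, email):
        if _key(email) in self.accounts:
            self.outbox.append((_key(email), "reminder"))
        return 200, "If that address has an account, a reminder has been sent."

    def register_uniform(self, email):
        # The account is created only after the emailed link is followed,
        # so nothing about existing customers shows up in the response.
        known = _key(email) in self.accounts
        self.outbox.append((_key(email), "already-registered" if known else "confirm"))
        return 202, "Check your inbox to finish signing up."


def leaks_membership(handler, member, stranger):
    """True when the web response alone tells a customer from a stranger.

    Only status and body are compared; response timing is a second channel
    that this check does not measure.
    """
    return handler(member) != handler(stranger)


def self_check():
    """Run the check against each handler on a fresh site."""
    results = {}
    for name in ("remind_leaky", "remind_uniform",
                 "register_leaky", "register_uniform"):
        site = Site({"alice@customer.example"})
        results[name] = leaks_membership(
            getattr(site, name), "alice@customer.example", "nobody@invalid.example")
    return results


if __name__ == "__main__":
    for handler, leaks in self_check().items():
        print(f"{handler:17} leaks membership: {leaks}")
```
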

(Netcraft) Anti-Phishing Toolbar Now Available For Firefox
- http://www.techweb.c...urity/163700999
May 25, 2005
"U.K.-based Web security firm Netcraft on Wednesday released a Firefox version of the anti-phishing toolbar that's been available for Microsoft's Internet Explorer since December 2004. The toolbar, which installs as a Firefox extension, or plug-in, automatically blocks suspected phishing sites identified by other users and verified by Netcraft. The company's database of Web site information is also used to display several attributes of any visited site, including its country location, longevity, and popularity. That information can be used to gauge possible risky sites, since most phishing sites are short-lived, and often hosted in countries like China and Russia. Netcraft claims that the toolbar has blocked more than 7,000 phishing sites since it debuted. The free Firefox toolbar can be downloaded from Netcraft's site"
- http://toolbar.netcraft.com/install

* Phishing explodes: Phishing incidents reached a peak point in January 2005 and then dropped again. In May, phishing attacks exceeded anything previously recorded, increasing by 226 percent.
* Viruses grew: In May 1 in 32.2 (3.12 percent of all email) emails contained some form of virus or trojan attack, a significant increase over the past month of 33 percent. To combat malwares such as Sober and Mytob, and other variants of these viruses, IBM advises organizations to keep antivirus signatures up-to-date, and to keep current with Windows patches.
* Spam levels off: In May, 68.7 percent of inbound email traffic contained some form of spam. This figure has remained relatively unchanged over the past three months; During the same period, the proportion of unwanted email originating from known botnets and open proxy sources has dropped by a further 1.7 percent for the second month running.
* Application hacking exploits: Ninety percent of target systems are exploited because of Web application hacking. Financial applications and online shopping accounts are popular targets. Top Web application vulnerabilities include: invalidated input; cross-site scripting flaws; injection flaws; broken authentication and session management; and improper error handling.
* Malware scam: a malware hijacking threat was discovered operating from the host name iframeDOLLARS.biz. This website attempted to recruit partner websites to host a variety of malicious code to exploit Internet Explorer browsers. A successful exploit would result in numerous trojans, backdoors and spyware installed on the client. IBM has been identifying the hosting ISPs, strongly recommending the malicious Web sites be removed.
* Educational institutions systems pharmed: In late May, after a long period of calm, IBM security analysts observed active exploitation of a Microsoft Library ASN.1 vulnerability. Correlating the signatures with other security events, IBM was able to determine that several attacking sources belonged to educational institutions, revealing that the attacking sources were compromised hosts, belonging to an Rbot network. IBM quickly notified customers and possibly infected institutions to address any outstanding issues.

"IT systems have become so crucial to today's business operations, work productivity, and customer service, that even a small disruption can have serious impact on business operations, and loss of data integrity or confidentiality can lose a customer base that took years to build"..."

Phishers Up Ante With 5x Spike In Trojans
- http://www.techweb.c...urity/165702797
July 15, 2005
"...Websense, a San Diego-based security company, has detected a "four- to five-fold increase in the number of Trojans during the last week of June and especially the first two weeks of July," said Dan Hubbard, Websense's senior director of security. "In July alone, we've seen more than a thousand different sites that are hosting this malicious code, and more than 100 unique Trojans," Hubbard added. The Trojan horses are either planting keyloggers on compromised systems, or retrieving downloaders that in turn install a keylogger, said Hubbard. All have the same goal: snatch usernames and passwords to specific online banking sites so that the criminals can empty accounts. "The keyloggers are going after a specific list of banks, and don't invoke themselves until or unless the user accesses the bank's Web site," said Hubbard. That list of banks, he noted, is hard-coded into the keylogger. Once in possession of the account access username and password, the keylogger then transmits the information back to the attacker(s), sometimes in an encrypted form using SSL (Secure Socket Layer). "Because it's using HTTPS, the traffic is undetectable," said Hubbard, another way that phishers are camouflaging their criminal acts. While the technique isn't new, it is seeing wider use by phishers. The Trojan horses (and thus the keyloggers) are installed after a user naively surfs to a malicious site linked in an e-mail or instant message, said Hubbard -- a now-standard tactic by hackers and phishers of all kinds. Those sites, which number in the hundreds, are hosted on free-of-charge U.S.- and U.K.-based Web hosting services, typically disguised as personal home pages, blogs, and home-made Web directories. The e-mails and IMs that entice users to these sites run the range from those claiming to be a message from an ISP or a company's IT department to others allegedly from friends sending electronic greeting cards, said Hubbard. "They're using good old-fashioned social engineering," he said..."
- http://www.websenses...php?AlertID=238

Edited by apluswebmaster, 16 July 2005 - 02:51 AM.

- http://www.informati...cleID=166401789
July 22, 2005
"A new phishing attack that poses as a message from eBay Inc. is loose on the Web and fooling users with a genuine-looking message. The attack uses an E-mail that appears to come from eBay and says the company needs some information to protect the customer from Internet attacks. If users click on a link, they are taken to a form that asks for personal information, which is captured by the bad guys and could be used for identity theft and other problems. The messages were first spotted in Israel by security vendor Fortinet Inc., which reported Friday morning that security appliances at its customer sites had recorded 46,000 hits by the phishing wave. Based on the number of attacks and the speed at which they're spreading, Fortinet said this phishing attack ranked in the top 10 of all time. Fortinet said it recorded 12,000 hits in the first two hours after the first one was detected Thursday evening. "On a scale of 1 to 10 on creativity, this one is high up on fooling users," says Patrick Nolan, virus researcher at Fortinet. "But after the first click, it brings on text looking like any other phishing attack." He thinks the hackers are working hard to spread the attack quickly, because Fortinet usually sees only a couple of thousand phishing messages..."

Edited by apluswebmaster, 22 July 2005 - 05:07 PM.

Phishing attacks soar as viral onslaught wanes
- http://www.theregist...malware_report/
29 July 2005
"The volume of phishing attacks on UK businesses in July increased 45 per cent, according to email security company BlackSpider Technologies. BlackSpider detected more than 360,000 emails carrying a phishing threat in July, compared to just under 250,000 in June 2005. Spam levels reached a yearly high in July, accounting for 77 per cent of all emails processed by BlackSpider. Meanwhile virus-laden emails dropped slightly from 2.9 per cent in June to 2.6 per cent in July. The NetSky-P virus topped BlackSpider's malware chart for the fifth successive month. Phishing fraud emails appeared at second and sixth places in Blackspider's top ten while variants of older viruses (namely NetSky, MyDoom and MyTob) made up the other places..."

Phishing via Hosts File
- http://www.websenses...php?AlertID=251
August 03, 2005
"Websense Security Labs™ has detected a new trojan variant that performs a phishing attack against users. The trojan modifies the hosts file on the infected machine, and then maps the real address of a bank to the IP address of a phishing site. This mapping causes users to be redirected to a phishing site when they attempt to access their bank account...the browser displays the correct web address, but has actually loaded a phishing site. After users enter their logon information into the fake website, they are redirected to the real website of the bank. This trojan also functions as a keylogger. The trojan starts capturing keystrokes once it detects an online banking site is being accessed. The trojan then uploads the captured keystrokes to the attacker..."

:eek:

Brazil Pinches 85 Phishers
- http://www.techweb.c...urity/170100794
August 26, 2005
"Brazilian police have arrested 85 people in connection with a phishing ring that pilfered over $33 million from duped consumers who handed over their online bank account usernames and passwords...Fraud in general, and phishing in particular, are serious problems in Brazil. The country's Computer Emergency Response Team -- its version of U.S. CERT -- recently released figures that shows e-fraud reports had more than tripled since April. Analysis done by the U.S.-based Anti-Phishing Working Group, meanwhile, has pegged Brazilian phishers as among the most aggressive and technically sophisticated in the world. The Brazilian arrests dwarf other raids recently carried out by global law enforcement, including 12 people nabbed in the U.K. May of 2004, five grabbed last December in Germany, and 15 pinched in Spain earlier this month."

Phishing Alert: Red Cross / Hurricane Katrina
- http://www.websenses...php?AlertID=275
September 04, 2005
"Websense® Security Labs™ has received reports of a new phishing attack that targets people to donate money in order to support the relief efforts for Hurricane Katrina. The spoofed email is written in HTML and poses as if it was coming from the Red Cross. The email also has the Verisign "Secure Site" Logo on it to help deceive the end-user that it is legitimate. Upon connecting to the link provided within the email, the user is directed to a fraudulent website which is hosted in Brazil and was up at the time of this alert. The site is also hosting other content and appears to have been compromised. The user's credit card, expiry date, and PIN are requested through a online form and, once entered, the user is then redirected to the real Red Cross website..."

EDIT/ADD:
- http://www.techweb.c.../ebiz/170700815
September 06, 2005
"In the eight days since the American Red Cross began collecting donations for Hurricane Katrina relief, it's gathered more than half of the $409 million total from the Web, the organization said Tuesday. Approximately $209 million has come from Web donations, the Red Cross said...Last week the Red Cross also appealed to 700,000 former contributors via e-mail, and raised $4.5-million. A follow-up was mailed on Thursday...

Some differences can be spotted, however, in the phishing site. While the real American Red Cross site includes links to information on non-online ways to donate -- such as by phone or by mail -- the bogus site has trimmed the choices to online only..."

Edited by apluswebmaster, 06 September 2005 - 02:44 PM.

- http://www.websenses...php?AlertID=297
Update (September, 27th 2005):
"With the support of several ISPs and Websense, The Salvation Army has been able to quickly shut down the fraudulent websites. As of this update, all known phishing sites which had targeted The Salvation Army are now offline. The Salvation Army would like the public to be aware that donations can be made securely at https://secure.salvationarmy.org/ . Details of The Salvation Army's response to the disasters presently facing the USA can be found at http://www.salvationarmyusa.org/ ...."

Bogus FIFA lottery scam hits the net
- http://www.theregist...a_lottery_scam/
28th September 2005
"Fraudsters have launched a phishing campaign that tries to dupe football fans into believing they've won a FIFA-sponsored lottery in an attempt to steal bank account information. The bogus email notifications of supposed $1m winnings prey on interest in the Football World Cup tournament, scheduled to take place for the first time in South Africa in 2010. FIFA, the international football governing body, has posted a warning on its website. The latest spam attacks represent a phishing refinement on standard lottery scams themed around the 2010 World Cup dating back over a year or more. "Everyone should be suspicious if they are unexpectedly told they have won a fortune," said Graham Cluley, senior technology consultant for Sophos. "Computer users who fall for this trick will be feeling as sick as a parrot when their bank accounts are emptied and they find they have become the victim of identity fraudsters"..."

Unsuspecting Users Still Freely Give Up Personal Info
- http://www.techweb.c..._section=700028
November 8, 2005
"The vast majority of Americans are all too willing to give up private information that could be used to guess online account names and passwords, a security firm said Monday, showing that the threat of identity theft hasn't yet sunk in. RSA Security lured consumers with a bogus survey on New York City tourism and the promise of gift certificates. Official-looking pollsters in the city's Central Park asked questions ranging from the mundane -- "Is this your first visit to New York City?" -- to the personal -- "What's your mother's maiden name?" -- to duplicate how phishing attacks dupe users with real logos and industry lingo. More than 70 percent of those polled gave up their mother's maiden name -- a potential goldmine, since it's often used to confirm identities or demanded in a password reset -- while over 90 percent handed over their place and date of birth. More than half told the pollsters how they come up with online passwords. "A lot of personal information actually functions like a password and, as such, needs to be robustly protected," said Chris Young, vice president of consumer authentication at RSA in a statement. "With a bit of sleuthing, motivated phishers can guess a password by having [a victim's] address and trying combinations that assume he's a fan [of a particular sports team]. Our survey reminds us that we all need to be more aware of such vulnerabilities, and take precautions." Young advised consumers to keep all aspects of their password-creation methodology, as well as all personal information, as secret as possible. He also recommended that users rely on a variety of passwords, not the same one for all accounts or access."

IRS web site screwup used by phishing scammers
- http://www.theinquir.../?article=2803730 November 2005
"SOPHOS SAID that an email purporting to be from the Internal Revenue Service (IRS) sends people to a legitimate government site but is really a phishing scam. It uses a vulnerability on the real IRS site. The email promises US taxpayers a refund but leverages a security configuration error at the IRS site which then bounces the unwary to a bogus look alike site. Said Graham Cluley, senior tech consultant at Sophos: "The link in the email simply bounces the user off a US government website onto a site owned by the criminals, who are ready and willing to steal their credit card details, social security number and other personal information". The scam is more sophisticated than your average racket, said Cluley because people are invited to paste a link rather than click on a link, and do get to go to the IRS site briefly. He said that "unfortunately the way the government website has been configured allows the phishers to bounce the unwary in their direction instead". He said it should be a warning to every business and agency to be careful it cannot be abused. Sophos has a display of the government SNAFU, here..."
- http://www.sophos.co...1/irsphish.html

Windows hosts file modified by Phishing attacks
- http://www.websenses...php?AlertID=363
December 05, 2005
"Websense® Security Labs™ has observed an increase in phishing attacks that use modifications to the Windows hosts file to deceive users. Various exploits and social engineering tricks are used to execute malicious code that appends several entries to the Windows hosts file. These entries redirect traffic from the legitimate web addresses of several banks to the IP address of a phishing site created by the attacker. The next time the user attempts to visit one of the targeted banks, they are instead redirected to arrive at a phishing site. However, the web address shown in the browser's address bar appears to be the correct address. The logon information of the unsuspecting user is captured, as they attempt to access the site. The example... targets four banks: HSBC Brazil, Banco Itau, Banco Banespa, and Bradesco. The phishing sites used in this attack are hosted in California and were online at the time of this alert...."

(Sample hosts file and screenshots shown at URL above.)

:eek:

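The hosts-file redirection in this alert, and in the August 03 and May 19 items earlier in the thread, leaves a plain-text trace that can be audited. The Python below is an added example, not part of the original post or of the Websense alert: it parses a hosts file and flags any entry that names a watched banking domain, any unapproved non-loopback mapping, and any malformed line. The sample file, the watch list and the approved list are constructed placeholders.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample of a tampered hosts file. Names use the reserved
# .example TLD and addresses come from documentation ranges.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.0.2.10      intranet.corp.example   # added by IT
203.0.113.77    www.bank.example bank.example
203.0.113.77    Online.Bank.Example.    # mixed case, trailing dot
::1             localhost
0.0.0.0         ads.tracker.example
not-an-ip       www.otherbank.example
"""
WATCHED = {"bank.example", "otherbank.example"}   # assumed watch list
APPROVED = {"intranet.corp.example"}              # assumed known-good entries


class Finding(NamedTuple):
    line: int
    kind: str        # "watched-name", "unapproved" or "malformed"
    address: str
    hostname: str


def normalize(name):
    """Lower-case and drop a trailing dot, as name resolution would."""
    return name.strip().rstrip(".").lower()


def is_watched(hostname, watched):
    """Match the domain itself or any subdomain, but not look-alikes."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)


def audit_hosts(text, watched, approved=frozenset()):
    findings = []
    lines = text.lstrip("\ufeff").splitlines()    # tolerate a UTF-8 BOM
    for lineno, raw in enumerate(lines, start=1):
        fields = raw.split("#", 1)[0].split()     # strip comments, tokenise
        if not fields:
            continue
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append(Finding(lineno, "malformed", address, " ".join(names)))
            continue
        sinkhole = ip.is_loopback or ip.is_unspecified
        for name in map(normalize, names):
            if is_watched(name, watched):
                # A bank's name has no business in a hosts file, whatever
                # address it points to.
                findings.append(Finding(lineno, "watched-name", address, name))
            elif not sinkhole and name not in approved:
                findings.append(Finding(lineno, "unapproved", address, name))
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS, WATCHED, APPROVED):
        print(f"line {f.line}: {f.kind:13} {f.address} -> {f.hostname}")
```

On Windows the file to feed it is `%SystemRoot%\System32\drivers\etc\hosts`.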

Study says 1 in 4 targets of e-mail phishing scams
- http://tinyurl.com/9ccmm
Dec 7, 2005
"Roughly one in four U.S. Internet users are targets of phishing attacks -- phony e-mails seeking personal financial data -- according to a study conducted by Time Warner Inc.'s Internet unit AOL and the National Cyber Security Alliance. In a phishing attack, e-mails ask prospective victims to verify personal information through links to real-looking Web sites. According to the study, 70 percent of consumers who received such e-mails thought they were from legitimate companies...."Phishers are getting better at tricking consumers into revealing their bank account and financial information, and most Americans can't tell the difference between real e-mails and the growing flood of scams that lead to fraud and identity theft," said Tatiana Platt, AOL's chief trust officer, who's in charge of privacy and security. "Consumers need to be aware of the risk, and they need to use critical protections like anti-virus software, spyware protection, and a firewall to help protect them from online threats," she said..."

- http://www.websenses...php?AlertID=368
December 12, 2005
"Websense® Security Labs™ has received reports of a new phishing attack that targets customers of Wal-Mart. Users receive an email message, written in HTML, claiming that their Wal-Mart logon account has been compromised. The message reminds users that the terms and conditions of their account require that it be under control at all times. The email message also states that the parties connected to the account have been involved in money laundering activities, illegal drugs, and various Federal Title 18 violations. When users click the link within the email, they are directed to a fraudulent website, which is hosted in the United States and was up at the time of this alert. The fraudulent site first requests the users' logon ID for www.walmart.com and then requests their credit card information and other personal identity specifics. This site has hosted phishing attacks for other targets in the past...As Christmas nears we expect further ecommerce-related fraudulent activity..."

(Phishing email screenshot available at URL above)
